Context
If a user has no session, redirect them to the /login page.
Backend
- When the user logs in, we need to set a JWT token (we can use https://www.npmjs.com/package/jose, feel free to pick another popular library)
- A GET /api/session endpoint can return the user object (or jwt token) so that it's easier for the frontend to check if the user is logged in or not.
- All other API requests must pass an Authentication header with the bearer token. See example:
  Authorization: Bearer <my-bearer-token>
If the authentication fails, these endpoints will return a 401 Unauthorized.
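The backend check described above, as an added example that is not part of the original page: it parses the bearer header, pins the algorithm, verifies the signature in constant time, requires an unexpired `exp`, and otherwise answers 401. `signToken`, `authenticate` and `SECRET` are hypothetical names, and the HS256 handling is done with Node's built-in crypto as a stand-in for a library such as jose.

```javascript
// Added example, not from the original page. HS256 is checked with Node's
// built-in crypto to stay dependency-free; a service would use a library like jose.
const crypto = typeof require === 'function'
  ? require('crypto') : process.getBuiltinModule('crypto'); // CommonJS or ES module

const SECRET = 'constructed-demo-secret'; // assumption: load the real key from config
const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Hypothetical login-side helper: issue an HS256 token for the given claims.
function signToken(claims, secret = SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Hypothetical guard for every endpoint except login: takes the request headers
// (lower-cased keys, as Node exposes them) and returns { status, user }.
function authenticate(headers, now = Math.floor(Date.now() / 1000), secret = SECRET) {
  const deny = { status: 401, user: null };
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headers.authorization || '');
  if (!m) return deny; // header missing, wrong scheme, or token not three segments
  const [, head, body, sig] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch {
    return deny; // segments are not valid JSON
  }
  // Pin the algorithm server-side; the token must not choose it (e.g. "none").
  if (header?.alg !== 'HS256') return deny;
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return deny;
  // Treat a token without a numeric, future exp as invalid.
  if (typeof claims?.exp !== 'number' || claims.exp <= now) return deny;
  return { status: 200, user: { id: claims.sub } };
}
```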
Frontend
- We can add an Auth context that wraps the whole application. This Auth will check if the user is logged in or not. If not, it will redirect the user to the /login page.